Retaining content within Microsoft 365 is critical for all organizations. Within Microsoft 365, there are core retention features that can be used. In this video, Liam discusses the planning required for implementing retention.
- [Instructor] So when we think about retention policies, what is the reason for us actually creating them? Well, the first one could be to comply proactively with industry regulations, as well as some of the internal policies. So for example, being able to retain content for a specific period of time that meets the Sarbanes-Oxley Act, for example. We also look to reduce the risk in the event of a litigation or a security breach by ensuring that data is permanently destroyed. It's also to help you as the organization to share knowledge effectively and be more agile by ensuring that the users work only on the current and the most relevant information to them. So what can retention policies do? Well, a retention policy can help you achieve all of the goals that are commonly associated to retention. Managing content commonly requires two actions. It requires the retaining of content, so it can't be permanently deleted before the end of a retention period, or deleting the content permanently at the end of retention period. With a retention policy, you can decide proactively whether to retain content, delete content, or both. You can apply a single policy to the entire organization or specific locations or users, and you could apply a policy to all content or content that meets specific criteria or conditions, or even based on a sensitive information type. When you include a location such as a mailbox in a retention policy, the content stays within its original location. And this is referred to as in-place retention. If a user edits or deletes the content in a retention policy, a copy of that content is then retained. Utilizing in-place retention policies, the original content is retained in the Preservation Hold library when a user edits or deletes it. For email and public folders, the copy is retained in what's referred to as the Recoverable items folder. To understand how different retention policies are applied to content, you need to keep in mind the core principles of retention. Retention wins over deletion. Suppose that one retention policy says to delete exchange email after three years, but another retention policy says to retain exchange email for five years and then destroy it. Any content that reaches that three-year mark will be deleted and hidden from the user's view, but still retained in the Recoverable items folder until it's reached that five-year mark. Remember also that the longest retention period wins. If the content is subject to multiple policies that retain content, it will remain until the end of the longest period. Explicit inclusion wins over implicit inclusion. So this means if a label with retention settings is manually assigned by a user to an item such as an exchange email or OneDrive document, that label will take precedence over both a policy assigned at the site or mailbox level and any default labels that have been assigned. The shortest deletion period wins. Similarly, if contents' subject to multiple policies that delete content, it will be deleted at the end of the shortest retention period. Understand that principles of retention work as a tie-breaking flow from top to bottom. If the rules applied by all policies or labels are the same at one level, the flow will move down to the next level to determine the precedence for which rule should be applied. So let's talk about retention policies for SharePoint and OneDrive. So if the content is not modified or deleted during the retention period, it's moved into the First-Stage Recycle Bin at the end of that retention period. If the user then deletes the content from there or empties the recycle bin, the document is then moved into the Second-Stage Recycle Bin. A 93-day retention period spans both the First and the Second-Stage Recycle Bins. At the end of the 93 days, the document is permanently deleted from wherever it resides in either the First or the Second-Stage Recycle Bin. The recycle bin is not indexed, and therefore searches do not find any content that exists there. This means, for example, the eDiscovery hold won't be able to locate the content. Now if the content is modified or deleted during the retention process, a copy of the original content is then stored within the Preservation Hold library. There is a timer job that will run periodically and identifies items whose retention period has expired. These items are then moved to the Second-Stage Recycle Bin where they're permanently deleted at the end of the 93 days. Now let's talk about retention policies for exchange. Once again are two scenarios. If the item is modified or permanently deleted by the user during the retention period, the item is moved into the Recoverable Items folder. There is a process that will run periodically and identify items whose retention period has expired. And these items are then permanently deleted within 14 days. If the item is not modified or deleted during the retention period, the same process runs periodically on all folds in the mailbox, identifies those items with the retention period set for expired, and they're permanently deleted within 14 days of the end of the retention period. What about Microsoft Teams? So if a chat or channel message is modified or deleted by the user during the retention period, it's then moved into what's called the SubstrateHolds folder. This is a hidden folder in every user or group mailbox, and it's stored in that folder until the retention period expires. Messages are then permanently deleted on the day the retention period expires. If a channel or chat message isn't deleted during the retention period, it's then moved to the SubstrateHolds folder within one day after the retention period expires. The message is then permanently deleted one day after it is moved into the SubstrateHolds folder. So how do we create a retention policy? Well, we navigate to the Security and Compliance Center, click Records Management, choose the File Plan option, and then from the File Plan's Action, choose to create the labels and publish as needed. We can create retention policies by first defining the name and then the description that makes sense, then set the file plan descriptors from the drop-down or create a new, toggle the retention setting as required, review any of the configuration and adjust as needed, and then click Create this Label. Once we've done that one, we can go back to the File Plan Actions menu and click Publish Labels. We then select the label that we created, define the users, groups, and the locations that the policy will apply to, set the name and description as always, review the entire policy and then click Save.
This course maps to the Manage Microsoft 365 Governance and Compliance domain of the Microsoft 365 Mobility and Security (MS-101) exam.